There’s a thread in the Tek-Tips VBScript forum asking for help with a mail script issue that I believe is being erroneously flagged as VBS:MailWorm-gen [Wrm]. I don’t see anything wrong with the code… nor any hidden iframes, images, etc, so believe this to be a false positive.
I think that the problem is the use of actual code rather than an image of the said code in the page and avast is alerting on that code.
Now I don’t know if could be malicious, but that is most certainly why. Only avast and GData detect this and since GData uses avast as one of its two scanners, that really counts as one detection, so it is likely to be an FP. So it needs further investigation.
Well I don’t know what they fixed (no alert now), possibly the part that they have wrapped in a Code tag, but it is always an issue when posting code that may either be used maliciously or appear that way.
However, having said that I believe that it was avast correcting the detection signature as the sample that I submitted for analysis and retained in the avast chest is no longer detected.
Now it has been resolved there is no real need to modify the URL, it is just good practice when giving a link to what may be a suspect site.